Practice Guide Trade Secrets Act

What do Coca-Cola, Kentucky Fried Chicken and WD-40 have in common? Their recipes are among the best-kept trade secrets in the world. Almost every company has secrets worth protecting - from its own price calculations to customer lists and technical innovations. Since 2019, the German Trade Secrets Act (GeschGehG) has regulated how companies can legally protect this valuable information. However, legal protection only applies if companies take action themselves. This guide shows what a trade secret is, what protective measures you need to take and what role your employees play in this.
These are trade secrets
A trade secret protects the valuable knowledge of a company. This includes, for example, technical drawings, recipes, customer lists, marketing strategies, production methods or price calculations. For information to be considered a trade secret, it must fulfill three central characteristics:
- It must not be publicly known.
- It must have an economic value.
- It must be secured by suitable protective measures.
One example: Only a few Haribo employees know the recipe for the gummy bears. The exact composition is a trade secret and is closely guarded. For over 100 years, the recipe has ensured the unmistakable taste of the products - and the success of the company.
Trade Secrets Act: regulations and areas of application
Since 2019, the Trade Secrets Act, also known colloquially as the Trade Secrets Protection Act, has strengthened the position of companies wishing to protect their valuable information. It transposes the European Know-how Protection Directive into German law and thus creates an independent law for the protection of trade secrets for the first time. The Trade Secrets Protection Act clearly defines what a trade secret is and when it is breached. The law also provides companies with effective tools to take action against industrial espionage and betrayal of secrets. Protection is mandatory for everyone: from freelancers to limited liability companies and corporations. Anyone who legally uses third-party trade secrets, for example through a license, also enjoys this protection.
Obtain trade secrets: These are permitted and punishable acts
The Trade Secrets Protection Act makes a clear distinction between permitted and prohibited ways of obtaining trade secrets. According to the GeschGehG, independent discovery and development is permitted. For example, employees may buy a competitor's product and investigate how it works. Anyone who comes up with a solution themselves through observation, research and testing (reverse engineering) is also acting legally. Employees may also continue to use their professional experience and skills after changing jobs.
On the other hand, all methods that rely on deception or criminal acts are prohibited. These include
- the hacking of company computers
- copying confidential documents
- bribing employees
- Photography in protected production areas
- the interception of conversations
- the unauthorized use of stolen information
A concrete example: A sales employee may take knowledge acquired about successful sales strategies into their next employment relationship. However, they may not copy their old employer's secret customer list and take it with them - this is a violation of the GeschGehG.
Possible confidentiality measures for companies
The legal protection of the GeschGehG only applies if you take action yourself. You must take measures to prevent the intentional or unintentional disclosure of confidential information. If you leave confidential information on your desk or do not secure it with technical measures, you cannot later invoke the protection of confidentiality. The good news is that simple confidentiality measures are often sufficient to ensure the necessary protection. Without these measures, you cannot take legal action against the perpetrator in the event of theft or betrayal.
The Trade Secrets Act requires appropriate confidentiality measures to be taken. The measures are divided into these three areas:
- organizational
- technical
- legal
The scope depends on the importance of the information - the more valuable the secret, the more extensive the protective measures must be.
Organizational protective measures
Organizational measures start with clear responsibilities: Determine who has access to what information. Confidential documents belong in locked cabinets, sensitive areas need access controls. Visitors should never be allowed to walk through production unaccompanied. A clean desk policy - removing sensitive business information such as documents, USB sticks or business cards from the desk every day - also protects against a breach of the GeschGehG. Organizational protective measures also include, for example, providing employees with comprehensive training.
Technical protective measures
Technical measures are based on modern IT security. These include, for example
- a firewall
- Secure passwords and two-factor authentication
- Encrypted data transmission
- Logging of access to sensitive data
- Protection against unauthorized copying
- Secure disposal of data carriers and documents
Legal protective measures
Legal measures start with the employment contract. Confidentiality agreements with employees, customers and business partners are essential for effective confidentiality and clearly regulate how they must handle confidential information. You must also specify which information is considered confidential - a blanket confidentiality clause is not enough.
Consequences of violations of the GeschGehG
Anyone who violates trade secrets must expect consequences. The following applies: not only deliberate betrayal of secrets, but also negligent disclosure have considerable legal and economic consequences. The law provides companies with effective tools to enforce their rights. The consequences can be both civil and criminal.
In the event of an infringement, you can immediately enforce a claim for injunctive relief. This means that the unlawful use must be stopped immediately. You can also demand that unlawfully obtained trade secrets be destroyed or handed over. The person who breaks the law must also pay compensation for the damage caused. Anyone who violates trade secrets risks a prison sentence of up to three years or a fine. In the case of commercial activity, there is even a risk of up to five years in prison.
Protecting trade secrets with training courses from the Compliance College
Even the best technical measures to protect your business secrets are of little use if employees do not know how to handle confidential information. This is where the Compliance College comes in. It combines legally compliant documentation with sustainable awareness-raising among employees - in a modern, digital way.
With the Compliance College , you can efficiently implement contractual protective measures such as confidentiality obligations and non-disclosure agreements. The interactive training courses on compliance, data privacy and IT security sensitize your employees to the protection of trade secrets in a practical way.
The protection of trade secrets only works if everyone participates. The Compliance College creates the basis for precisely this: your employees not only understand their duties, but also develop a real awareness of the value and handling of confidential information.
Conclusion: Protecting trade secrets together
The protection of trade secrets is a comprehensive task that requires technical, organizational and legal measures. It is crucial that all levels of the company are involved. It is particularly important that your employees understand how to handle confidential information. Therefore, invest in regular training and an open communication culture.
You might also be interested in